Blog

When we started developing Multiloginapp more than two years ago, it was merely a launcher for browsers that were already installed on a user’s computer. Why did we decide to do it this way in the first place? For starters, we didn’t have any community trust to develop a more complex solution. For example, an unknown company offering a heavily custom-coded browser could raise a few reasonable suspicions.

At the same time, everyone else who was trying to combat browser fingerprinting tried to keep them under control by employing browser add-ons. In those days, Multiloginapp was designed to inject sophisticated browser add-ons into browsers upon launching. The browser would receive specific parameters to create a browser profile from Multiloginapp and configure them on the spot.

Was there anything wrong with adhering to the established standard? Not really, after all, everyone was doing the same thing. What we didn’t know, and came to realize later, is that there were multiple ways websites could reveal a browser’s real fingerprint even after they were rewritten by add-ons. We have covered some of these methods before, like in our article about Content Security Policy, but the reality is that there are multiple ways websites can still extract the real fingerprint from a browser that uses privacy add-ons.

Another major problem we encountered is that our injection mechanism, which is written in Javascript, would interfere with scripts used on some websites. This resulted in a limited browsing experience for some users, while others were unable to use specific websites at all. In some of these cases, users could disable certain Multiloginapp features, but they would experience reduced privacy.

The only real solution was to scrap everything and start developing our own Chromium-based browser, so we did. After several months of hard work, we released an alpha version of this web browser without a logo or a name, and the results astounded out testing team!

While the browser looked identical to the Chrome most of us use, inside it was a piece of art. Let us take a closer look at what we have in it…

Introducing Mimic Browser

Mimic browser, or simply Mimic, is a Chromium-based browser that enhances your privacy and allows you to control your browser fingerprints. The browser looks almost identical to the Chrome most people use every day, but we have customized it to effectively combat the most effective types of browser fingerprinting used today.

In Mimic, we introduced different ways to combat several browser fingerprinting mechanisms. For example, according to our own research, many major websites are starting to implement a fingerprinting technique based on the AudioContext object. This fingerprint became popularized thanks to the so-called Uber-cookie fingerprint test. This test has nothing to do with Cookies, instead, it generates sounds that are readable to Javascript functions, even if the system volume is at 0.

Websites can then generate a hash based on the results and compare the different variations to identify users. Mimic can mask the resulting values of the AudioContext object and ultimately distort the fingerprint for each browser profile you create in Multiloginapp.

Another feature we implemented in Mimic is the ability to control WebGL fingerprints. WebGL is a type of “hardware fingerprint” and it works in two different ways. The first method is similar to Canvas fingerprinting, so websites are given the task of drawing an image. The picture will have different variations based on the OS, hardware, and drivers used; and these can be used to produce a specific fingerprint.

The second method relies on producing a hash of the entire WebGL Browser Report table, which lists the capabilities and supported extensions of WebGL renderer engine. The hash is taken from the highest supported WebGL context dump and can be easily used to distinguish between different browsers. Mimic provides a feasible solution to mask both fingerprints and control them through the profiles you create on Multiloginapp.*

Mimic browser also provides a solution for problems with automatic timezone selection. In Multiloginapp, time zones were automatically chosen based on a proxy location. This created a problem because Linux and Windows use different timezone variables. Furthermore, timezone variables in Windows do not match the IANA standard that all other operating systems and applications use. Mimic is designed to handle this situation automatically so that timezone selection is not a problem.

Some sites employ sophisticated browser fingerprinting mechanisms like system font enumeration. Mimic is the only browser capable of creating a completely unique list of fonts for each browser profile you create. All you have to do is create different profiles and the browser will take care of everything else automatically.

Finally, Mimic browser is less likely to raise any red flags because it’s based on a Chromium engine, which means websites will be less likely to scrutinize it. On the other hand, browsers based off of Firefox tend to be regarded as higher risk traffic.

Why Websites Trust Chrome More than Firefox

For a very long time, all custom browsers with fingerprint management capabilities were developed on the Firefox engine. Firefox is engineered to be easily customizable, so it’s extremely easy to “fork” it and produce your own browser. Any developer that works with C++ can create their own browser “in a garage.” To give you an idea, the prototype for our very own Stealthfox browser was literally written in Notepad!

But, the same can’t be said for the Chromium engine. The source code of Chromium alone consists of 28 gigabytes of code, so compilation takes a few hours even on a high-end laptop. In a real development environment, you would need an extremely powerful workstation or a stable cloud environment to work on it.

All this means that there are many customized forks of Firefox and not many forked versions of Chromium. Most internet bots that are designed to emulate human behavior are built on a Firefox engine. On the other hand, Chromium-based custom browsers are usually only available to big development studios with significant budgets and human capital. Knowing this, most companies and websites consider traffic that comes from Firefox browser way riskier than that coming from Chrome.

The Kicker

Most people that are concerned about privacy believe that only Chrome poses a threat to their information. They believe that the Chromium web browser is free of trackers and that Google adds them later on when turning Chromium into Chrome. Little do they know… while Chromium is an open-source browser and everyone can check its code (not that it’s an easy task, remember those 28GBs of code?) we haven’t found any information about trackers built into Chromium on the internet.

As you already know, websites utilize different features of modern browsers to fingerprint their visitors. Here comes the kicker: Google does the exact same thing. Fingerprinting mechanisms are built into the Chromium engine, and the results are being sent right to Google servers.

Fortunately, Mimic browser offers a robust solution. When we created Mimic, we rewrote all of Google’s telemetry functions, so now Google will receive the same exact fingerprint as any other website would. And of course, this fingerprint is provided by Multiloginapp, so it remains under your full control.

To this date, Mimic is the only browser that creates unique browser fingerprints and broadcasts them to both websites and, internally, to Google servers. This provides the ultimate level of privacy while surfing the web without sacrificing your browsing experience whatsoever.

Public beta-testing of Mimic browser begins shortly. Click here to participate in the testing.

* WebGL renderer masking will not be available in the beta version of Mimic browser.